Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/02/2024, 08:33
General
-
Target
2024-02-24_7d8da46315e59e3ea1103a7b65513ee9_mafia.exe
-
Size
411KB
-
MD5
7d8da46315e59e3ea1103a7b65513ee9
-
SHA1
ea891d62df1dcb1c1c096b150f5ee34c9c998e61
-
SHA256
81ec80d355fbfc96ae8a7fddfc2acb9276579779253d3caad0a76852600532f5
-
SHA512
2b9017552e996628902ac32ac32f81c289d7c6e26c9c4ed8e0c7f0daa96f4d0f0c4a7ff0c9e7693d92956e46791efcdb1355609b31c26585c7c20bb145eab531
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFKQpkqfhhVKScwrZ8VmJfQS9MwqHI:gZLolhNVyEXyki8uz9fqHI
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_7d8da46315e59e3ea1103a7b65513ee9_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_7d8da46315e59e3ea1103a7b65513ee9_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6039.tmp"C:\Users\Admin\AppData\Local\Temp\6039.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-24_7d8da46315e59e3ea1103a7b65513ee9_mafia.exe 1677FA90EF5E91E424C7E8969F8554D23A9F2706700A09C836C99F374D5F47D253F39B5A18F9AA209CACBEE0A587D77757E65239759D9477A6E91E4FF1F7B35A2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD54530d3428f497051c26dbbc7299fe627
SHA186e1d08a05236197c339ff7b35168ce33a30f798
SHA256c3d384d5e6bd14f204b1cbd2893555632a23aa905a7c387caa8ae25e1e99b1fd
SHA512a2e3a339702c218aa6dd4dc8d0366e0605d0f1128ba70a03fb920b40e1207a98f7691d8d6f0480e1e52cf6c5a8ebad5c540b9315245bda77d0d0b80bd8faa7a8